The American software company Ivanti has discovered a vulnerability in its Endpoint Manager Mobile application. This is an authentication bypass, an exploit that allows hackers to bypass the authentication process and gain access to confidential data. The company advises customers to install the available security update immediately.
Ivanti and the National Cyber Security Center (NCSC) report this in a Security Advisory.
Ivanti Endpoint Manager Mobile in a Nutshell
Ivanti Endpoint Manager Mobile is an application that helps system administrators map and manage all company assets. It is a tool to see which systems are active and which security measures have been taken to keep malicious people out.
If there are security vulnerabilities or software is not up to date, IT staff can see it at a glance. Endpoint Manager Mobile provides solutions to address these issues. The business community also uses the tool to identify necessary investments in cyber security and cyber resilience.
More than 38,000 customers worldwide use IT solutions from Ivanti, the software company says on its website.
Zero-day exploit gets CVSS score of 10.0
Ivanti employees discovered a zero-day exploit in Endpoint Manager Mobile (EPMM), formerly MobileIron Core. This allows bypassing the authentication process via Remote Code Execution (RCE). Hackers and cybercriminals then gain access to confidential company data. They can also manipulate this data, which jeopardizes the integrity of the information. Finally, it is possible to take control of the EPMM system.
Ivanti indicates that hackers have exploited the vulnerability on a small scale. It is found in versions 11.4, 11.10, 11.9, 11.8 and older versions. The CVE code is CVE-2023-35078 and has a CVSS score of 10.0, the highest score attainable, meaning the exploit’s impact is “critical.” The American software company recommends installing the released security update immediately to prevent further abuse of this zero-day exploit.
Norwegian ministries attacked via vulnerability in EPMM
One of the organizations where the zero-day exploit in Ivanti Endpoint Manager Mobile has been exploited is the Norwegian government. The government announced yesterday that a cyber attack had hit twelve ministries. As a result, civil servants needed help logging in to their e-mail addresses and other applications.
DSS, the agency that provides IT services for most Norwegian ministries, announced Monday evening that the attackers exploited the vulnerability in Ivanti Endpoint Mobile Manager. The service provider says it is working closely with the developer and other international partners to minimize the impact of the vulnerability.
“This vulnerability was unique and was first discovered here in Norway. If we had released the information about the vulnerability too early, it could have contributed to abuse elsewhere in Norway and around the world. The update is now generally available, and it is warranted to disclose what type of vulnerability it is,” the director of the National Security Authority said in a statement.